Equifax may soon face the wrath of UK politicians after the chairman of the country's House of Commons Treasury Committee demanded answers from the firm over its handling of its recent data breach.
Nicky Morgan MP has written to the chief executive of Equifax Limited asking for further details about the scale of the breach, …

VB2017
Avast staffers spoke at the Virus Bulletin International Conference in Madrid, Spain, on Thursday to shed more light on their postmortem of the CCleaner fiasco – and urge developers to protect their software's toolchain and distribution systems from hackers.
The widely used utility, which removes unwanted temporary files and …

A ransomware assault late last month is continuing to affect the operations of Copeland Borough Council in the northwest of England.
The processing of planning applications is still being affected weeks after a major cyberattack hit the council in rural North West England. The planning application for a housing development of …

Equifax hasn't found time for a houseclean and is making claims of authority and competence about security breaches that, following its own recent high-profile breach, come off as pretty cringeworthy.
An autumn 2016 whitepaper from Equifax - still available here at the time of publication – attempts to position the credit …

FireEye removed an Equifax case study from its website in response to a recently disclosed mega-breach at the credit reference agency.
Equifax’s endorsement that FireEye’s tech protected it against zero-day and targeted attacks had more than the whiff of hubris about it once it emerged hackers had successfully pwned the …

Virgin America's staff and contractors have been told to change their passwords after a hacker raided the airline's systems.
The T-Mobile-USA-of-the-skies revealed in a letter to its workforce that its network was compromised by one or more miscreants. A copy of the missive was, as required by law, shared with California's …

Analysis
A study aiming to raise the profile of cyber insurance claims that cloud outages and ransomware outbreaks on the WannaCry scale could cost companies $81.7bn – more than natural disasters like 2012's Hurricane Sandy. That's an awful lot of money, but wait – before you fish out the wallet – how did the authors arrive at these …

UK motoring organisation The AA belatedly admitted late on Friday, July 7th that customer data – including in some cases partial credit card numbers – had been exposed in a recent breach. Security experts gave the confession a frosty response while a specialist IT lawyer said incident response handling of this type would risk …

UK car insurance giant the AA caused all sorts of confusion on Monday after accidentally sending out a "password update" email to people.
The alert led to motorists rushing to log into the motoring organization's website to change their passwords, only to overload the servers and effectively run them over. Brits were furious …

The European energy sector is being targeted by advanced threat actors seeking proprietary information to advance the capabilities of domestic companies, according to FireEye Mandiant.
The latest annual report by FireEye's incident response arm further warns that cyber threat groups are also targeting European industrial …

Yahoo! knew it had been compromised by state-sponsored hackers in 2014 despite not publicly disclosing this crucial information until 2016.
The disclosure of some internal knowledge prior to public admission of a problem in September 2016 comes from a recent SEC filing, in paragraphs covering the investigation of the …

European enterprises are teaming with information security agencies and governments to run a pan-European cyberwar readiness exercise today.
Cyber Europe 2016 - which involves thousands of experts from all 28 EU Member States, Switzerland and Norway - is being co-ordinated by European Union security agency ENISA. It's the …

NHS Digital is set to start expanding the range of cybersecurity services available to UK hospitals and clinics.
CareCERT (Care Computer Emergency Response Team) launched in November 2015, offering a national service that helps health and care organisations to improve their cybersecurity defences by providing proactive advice …

Cisco wants incident responders to be more self-conscious.
The Borg's seasoned computer security incident response team boffins Gavin Reid and Jeff Bollinger say a knock to the ego will help combat the Dunning-Kruger effect in which over-confidence and a steering away from the rule book can lead to dangerous oversights.
The …

Security boffins at ANZ, one of Australia's largest banks, have offered their nightHawk incident response tools for organisations running free Mandiant tools.
Mandiant's open source platform is fit for enterprises requiring incident response at scale, and can run off a laptop for many investigations.
ANZ bank security …

AusCERT Audio
Security and forensics man Ashley Deuble has outlined the six stages of good incident response that if followed could bring an enterprise in line with Fortune 50 best practice.
The Griffith University security manager says the steps of preparation; identification; containment; eradication; recovery, and lessons learned are …

Lessons from building the threat intelligence platform for the Israeli Defence Force form the technical foundations of a new security startup called Siemplify.
Siemplify’s tech is designed to contextualise threat alerts from the disparate array of security technologies on enterprise networks (anti-malware, intrusion detection …